diff --git a/app/controllers/news_controller.rb b/app/controllers/news_controller.rb
index a67ef88c8..032509edd 100644
--- a/app/controllers/news_controller.rb
+++ b/app/controllers/news_controller.rb
@@ -22,9 +22,9 @@ class NewsController < ApplicationController
 model_object News
 before_action :find_model_object, :except => [:new, :create, :index]
 before_action :find_project_from_association, :except => [:new, :create, :index]
- before_action :find_project_by_project_id, :only => [:new, :create]
- before_action :authorize, :except => [:index]
- before_action :find_optional_project, :only => :index
+ before_action :find_project_by_project_id, :only => :create
+ before_action :authorize, :except => [:index, :new]
+ before_action :find_optional_project, :only => [:index, :new]
 accept_rss_auth :index
 accept_api_auth :index, :show, :create, :update, :destroy
@@ -65,6 +65,9 @@ class NewsController < ApplicationController
 end
 def new
+ unless User.current.allowed_to?(:manage_news, @project, :global => true)
+ raise ::Unauthorized
+ end
 @news = News.new(:project => @project, :author => User.current)
 end
@@ -77,7 +80,7 @@ class NewsController < ApplicationController
 format.html {
 render_attachment_warning_if_needed(@news)
 flash[:notice] = l(:notice_successful_create)
- redirect_to project_news_index_path(@project)
+ redirect_to params[:cross_project] ? news_index_path : project_news_index_path(@project)
 }
 format.api { render_api_ok }
 end
diff --git a/app/views/news/_form.html.erb b/app/views/news/_form.html.erb
index 58f68e1b2..e5181f46f 100644
--- a/app/views/news/_form.html.erb
+++ b/app/views/news/_form.html.erb
@@ -1,6 +1,13 @@
 <%= error_messages_for @news %>
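Review bot: `new` is now the one action in this controller whose permission check sits in the action body instead of the filter chain: the first hunk excludes it from `before_action :authorize`, and the second adds the `allowed_to?(:manage_news, @project, :global => true)` guard inside the method. The check is correct as written, but it is easy to lose when the action is later edited, and it no longer reads alongside the other filters. Redmine's ApplicationController provides `authorize_global`, which passes `@project` with `:global => true`, so `before_action :authorize_global, :only => :new` declared after `find_optional_project` should enforce the same rule (worth confirming on this branch). If the inline guard stays, a comment such as `# :new is excluded from authorize because @project is nil on /news/new` would explain the exception.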
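Review bot: `params[:cross_project]` in the new `redirect_to` line is tested for truthiness only, and an empty string is truthy in Ruby, so a bare `cross_project=` also selects the global list. The value only chooses between two route helpers, so it cannot steer the redirect off-site. Writing it as `redirect_to(params[:cross_project].present? ? news_index_path : project_news_index_path(@project))` states the intent and makes the argument to `redirect_to` explicit. The enclosing `create` action starts and ends outside this hunk.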
+<% if @project.nil? %> +

+ + <%= select_tag :project_id, options_for_select(project_tree_options_for_select(Project.allowed_to(:manage_news).to_a), Project.allowed_to(:manage_news).first), {:required => true} %> + <%= hidden_field_tag :cross_project, 1, id: nil %> +

+<% end %>

<%= f.text_field :title, :required => true, :size => 60 %>

<%= f.text_area :summary, :cols => 60, :rows => 2 %>

<%= f.text_area :description, :required => true, :cols => 60, :rows => 15, :class => 'wiki-edit',
diff --git a/app/views/news/index.html.erb b/app/views/news/index.html.erb
index 073099f56..3a8f1ccb2 100644
--- a/app/views/news/index.html.erb
+++ b/app/views/news/index.html.erb
@@ -1,19 +1,19 @@
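Review bot: `Project.allowed_to(:manage_news)` is evaluated twice in the added `select_tag` line, once for the option list and once for the default selection. Loading it once into a local, `projects = Project.allowed_to(:manage_news).to_a`, and using `projects.first` saves the second query and keeps the two uses in step. The filtered list is a convenience for the user rather than a control: the posted `project_id` is attacker-controllable, so the `authorize` filter on `create` is what actually decides, and a comment `<%# server-side check: NewsController#create authorize filter %>` next to the select would make that explicit. The markup surrounding these lines is not visible on this page.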

<%= link_to(l(:label_news_new),
- new_project_news_path(@project),
+ (@project ? project_news_index_path(@project) : news_index_path),
 :class => 'icon icon-add',
- :onclick => 'showAndScrollTo("add-news", "news_title"); return false;') if @project && User.current.allowed_to?(:manage_news, @project) %>
+ :onclick => 'showAndScrollTo("add-news", "news_title"); return false;') if (@project.nil? || (@project && User.current.allowed_to?(:manage_news, @project))) %>
 <%= watcher_link(@project.enabled_module('news'), User.current) if @project && User.current.logged? %>

<%=l(:label_news_plural)%>
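Review bot: The new condition `@project.nil? || (...)` renders the "new news" link on the global news page for every visitor, including anonymous users and users who hold `manage_news` in no project. The controller still rejects them, but the view now offers a link that ends in a 403. `if User.current.allowed_to?(:manage_news, @project, :global => true)` is the same check the controller's `new` action makes and covers both the project and the global case. The link target also changes from `new_project_news_path(@project)` to the index paths, so without JavaScript it no longer leads to the form; `(@project ? new_project_news_path(@project) : new_news_path)` would keep that fallback. Part of this hunk appears to be missing from the page, so the inline form the `onclick` refers to could not be checked.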

diff --git a/app/views/news/new.html.erb b/app/views/news/new.html.erb
index cf57140b8..6ac32008d 100644
--- a/app/views/news/new.html.erb
+++ b/app/views/news/new.html.erb
@@ -1,6 +1,6 @@

<%=l(:label_news_new)%>

-<%= labelled_form_for @news, :url => project_news_index_path(@project),
+<%= labelled_form_for @news, :url => (@project ? project_news_index_path(@project) : news_index_path),
 :html => { :id => 'news-form', :multipart => true } do |f| %>
 <%= render :partial => 'news/form', :locals => { :f => f } %>
 <%= submit_tag l(:button_create) %>
diff --git a/config/routes.rb b/config/routes.rb
index 7e8cdeac9..f344d9f4f 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -206,7 +206,7 @@ Rails.application.routes.draw do
 resources :queries, :except => [:show]
 get '/queries/filter', :to => 'queries#filter', :as => 'queries_filter'
- resources :news, :only => [:index, :show, :edit, :update, :destroy]
+ resources :news, :only => [:index, :show, :edit, :update, :destroy, :create, :new]
 match '/news/:id/comments', :to => 'comments#create', :via => :post
 match '/news/:id/comments/:comment_id', :to => 'comments#destroy', :via => :delete
diff --git a/test/functional/news_controller_test.rb b/test/functional/news_controller_test.rb
index 76517e1a1..220ccdeb8 100644
--- a/test/functional/news_controller_test.rb
+++ b/test/functional/news_controller_test.rb
@@ -87,13 +87,32 @@ class NewsControllerTest < Redmine::ControllerTest
 assert_response 404
 end
- def test_get_new
+ def test_get_new_with_project_id
 @request.session[:user_id] = 2
 get(:new, :params => {:project_id => 1})
 assert_response :success
+ assert_select 'select[name=project_id]', false
 assert_select 'input[name=?]', 'news[title]'
 end
+ def test_get_new_without_project_id
+ @request.session[:user_id] = 2
+ get(:new)
+ assert_response :success
+ assert_select 'select[name=project_id]'
+ assert_select 'input[name=?]', 'news[title]'
+ end
+
+ def test_get_new_if_user_does_not_have_permission
+ @request.session[:user_id] = 2
+ User.find(2).roles.each{|u| u.remove_permission! :manage_news }
+
+ get(:new)
+ assert_response :forbidden
+ assert_select 'select[name=project_id]', false
+ assert_select 'input[name=?]', 'news[title]', count: 0
+ end
+
 def test_post_create
 ActionMailer::Base.deliveries.clear
 @request.session[:user_id] = 2
@@ -121,6 +140,34 @@ class NewsControllerTest < Redmine::ControllerTest
 assert_equal 2, ActionMailer::Base.deliveries.size
 end
+ def test_post_create_with_cross_project_param
+ ActionMailer::Base.deliveries.clear
+ @request.session[:user_id] = 2
+
+ with_settings :notified_events => %w(news_added) do
+ post(
+ :create,
+ :params => {
+ :project_id => 1,
+ :cross_project => '1',
+ :news => {
+ :title => 'NewsControllerTest',
+ :description => 'This is the description',
+ :summary => ''
+ }
+ }
+ )
+ end
+ assert_redirected_to '/news'
+
+ news = News.find_by_title('NewsControllerTest')
+ assert_not_nil news
+ assert_equal 'This is the description', news.description
+ assert_equal User.find(2), news.author
+ assert_equal Project.find(1), news.project
+ assert_equal 2, ActionMailer::Base.deliveries.size
+ end
+
 def test_post_create_with_attachment
 set_tmp_attachments_directory
 ActionMailer::Base.deliveries.clear
diff --git a/test/integration/routing/news_test.rb b/test/integration/routing/news_test.rb
index 8e62da774..7863fad5f 100644
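Review bot: The added tests pin the denied path only for `get(:new)` without a project, and two other denied paths that this change introduces or moves are not covered. The first is `get(:new, :params => {:project_id => 1})` for a user without `manage_news` in that project, which used to be enforced by the `authorize` filter and now depends on the guard inside `new`. The second, in the `test_post_create_with_cross_project_param` hunk, is `post(:create, ...)` with `:cross_project => '1'` and a `project_id` the user may not manage, the case the filtered select in the form cannot prevent. Both should `assert_response :forbidden`, and the create case should also wrap the request in `assert_no_difference 'News.count'`. In `test_get_new_if_user_does_not_have_permission` the block variable `|u|` iterates roles, so `|role|` would read more clearly.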
--- a/test/integration/routing/news_test.rb
+++ b/test/integration/routing/news_test.rb
@@ -29,6 +29,8 @@ class RoutingNewsTest < Redmine::RoutingTest
 def test_news
 should_route 'GET /news' => 'news#index'
+ should_route 'GET /news/new' => 'news#new'
+ should_route 'POST /news' => 'news#create'
 should_route 'GET /news.atom' => 'news#index', :format => 'atom'
 should_route 'GET /news/2' => 'news#show', :id => '2'
 should_route 'GET /news/2/edit' => 'news#edit', :id => '2'